Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with pentesting

A curated list of projects in awesome lists tagged with pentesting .

https://github.com/bee-san/ciphey

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

artificial-intelligence cipher cpp cryptography ctf ctf-tools cyberchef-magic decryption deep-neural-network encodings encryptions hacking hacktoberfest hashes natural-language-processing pentesting python

Last synced: 11 Dec 2025

https://github.com/ffuf/ffuf

Fast web fuzzer written in Go

fuzzer infosec pentesting web

Last synced: 21 Oct 2025

https://github.com/OWASP/owasp-mstg

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS.

android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography

Last synced: 17 Aug 2025

https://github.com/owasp/owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography

Last synced: 14 May 2025

https://github.com/OWASP/owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

android android-application compliancy-checklist dynamic-analysis hacking ios ios-app mast mastg mobile-app mobile-security mstg network-analysis pentesting reverse-engineering reverse-enginnering runtime-analysis static-analysis testing-cryptography

Last synced: 19 Mar 2025

https://github.com/oj/gobuster

Directory/File, DNS and VHost busting tool written in Go

dns go pentesting tool web

Last synced: 12 May 2025

https://github.com/juice-shop/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 13 May 2025

https://bkimminich.github.io/juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

24pullrequests application-security appsec ctf hacking hacktoberfest javascript owasp owasp-top-10 owasp-top-ten pentesting security vulnapp vulnerable

Last synced: 20 Mar 2025

https://github.com/hacktricks-wiki/hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

hacking hacktricks peass pentesting

Last synced: 16 May 2025

https://github.com/infosecn1nja/red-teaming-toolkit

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

hacking infosec pentesting red-team

Last synced: 25 Jan 2026

https://github.com/OJ/gobuster

Directory/File, DNS and VHost busting tool written in Go

dns go pentesting tool web

Last synced: 20 Mar 2025

https://github.com/infosecn1nja/Red-Teaming-Toolkit

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

hacking infosec pentesting red-team

Last synced: 30 Mar 2025

https://github.com/HackTricks-wiki/hacktricks

Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

hacking hacktricks peass pentesting

Last synced: 28 Mar 2025

https://github.com/n1nj4sec/pupy

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) C2 and post-exploitation framework written in python and C

android backdoor linux mac-os meterpreter payload pentesting post-exploitation pupy python rat reflective-injection remote-access remote-admin-tool reverse-shell shell windows

Last synced: 10 Apr 2025

https://github.com/byt3bl33d3r/CrackMapExec

A swiss army knife for pentesting networks

active-directory networks pentesting powershell python windows

Last synced: 26 Mar 2025

https://github.com/byt3bl33d3r/crackmapexec

A swiss army knife for pentesting networks

active-directory networks pentesting powershell python windows

Last synced: 28 Mar 2025

https://github.com/yogeshojha/rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

bug-bounty bugbounty hacking information-gathering infosec osint penetration-testing pentesting recon recon-engine reconnaissance rengine scanner scanner-web scanning security-tools

Last synced: 25 Jan 2026

https://github.com/thekingofduck/fuzzdicts

You Know, For WEB Fuzzing ! 日站用的字典。

directory fuzz-testing fuzzer fuzzing paramter password pentesting username wfuzz

Last synced: 14 May 2025

https://github.com/TheKingOfDuck/fuzzDicts

You Know, For WEB Fuzzing ! 日站用的字典。

directory fuzz-testing fuzzer fuzzing paramter password pentesting username wfuzz

Last synced: 05 Apr 2025

https://github.com/OWASP/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 30 Mar 2025

https://github.com/owasp/wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

application-security appsec best-practices bugbounty guide hacking hacktoberfest owasp penetration-testing pentesting security

Last synced: 26 Mar 2025

https://github.com/firerpa/lamda

🤖 The most powerful Android RPA framework, the next generation of mobile automation robots.

adb agents ai android appium automation dynamic-analysis frida magisk mcp mcp-server mobile-security pentesting remote-control reverse-engineering security uiautomation uiautomator2 workflow xposed

Last synced: 10 May 2025

https://github.com/dstotijn/hetty

An HTTP toolkit for security research.

bugbounty http infosec mitm pentesting proxy

Last synced: 13 May 2025

https://github.com/six2dez/reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

bug-bounty bugbounty dns fuzzing hacking nuclei osint penetration-testing pentest pentest-tool pentesting recon reconnaissance scanner security security-tools subdomain vulnerabilities

Last synced: 13 May 2025

https://github.com/0x4m4/hexstrike-ai

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

0x4m4 ai ai-agents ai-cybersecurity ai-hacking ai-penetration-testing ai-security-tool artificial-intelligence ctf-tools generative-ai hexstrike kali-linux kali-tools llm llm-integration mcp mcp-server mcp-tools pentesting pentesting-tools

Last synced: 21 Jan 2026

https://github.com/promptfoo/promptfoo

Test your prompts, agents, and RAGs. Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration.

ci ci-cd cicd evaluation evaluation-framework llm llm-eval llm-evaluation llm-evaluation-framework llmops pentesting prompt-engineering prompt-testing prompts rag red-teaming testing vulnerability-scanners

Last synced: 21 Jan 2026

https://github.com/ihebski/defaultcreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

blueteam bugbounty cheatsheet credentials-gathering cybersecurity default-password exploit infosec offensive-security pentest pentesting

Last synced: 25 Mar 2025

https://github.com/ihebski/DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

blueteam bugbounty cheatsheet credentials-gathering cybersecurity default-password exploit infosec offensive-security pentest pentesting

Last synced: 02 Apr 2025

https://github.com/androguard/androguard

Reverse engineering and pentesting for Android applications

android dalvik dex odex pentesting reverse-engineering

Last synced: 12 May 2025

https://github.com/dominicbreuker/pspy

Monitor linux processes without root permissions

ctf enumeration golang pentesting privesc security

Last synced: 14 May 2025

https://github.com/DominicBreuker/pspy

Monitor linux processes without root permissions

ctf enumeration golang pentesting privesc security

Last synced: 04 Apr 2025

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

android-application dynamic-analysis ios-app mobile-app network-analysis pentesting reverse-engineers runtime-analysis static-analysis

Last synced: 19 Mar 2025

https://github.com/LyleMi/Learn-Web-Hacking

Study Notes For Web Hacking / Web安全学习笔记

hacking penetration-testing pentesting security study-notes web-hacking

Last synced: 04 Apr 2025

https://github.com/jassics/security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

api-security application-security appsec appsec-tutorials aws-security azure-security cybersecurity cybersecurity-education devsecops-university gcp-security infosec pentesting security-testing study-guide study-plan study-planner

Last synced: 09 Feb 2026

https://github.com/madhuakula/kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app

Last synced: 13 May 2025

https://github.com/lylemi/learn-web-hacking

Study Notes For Web Hacking / Web安全学习笔记

hacking penetration-testing pentesting security study-notes web-hacking

Last synced: 02 Apr 2025

https://github.com/hakluke/hakrawler

Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application

bugbounty crawling hacking osint pentesting recon reconnaissance

Last synced: 14 May 2025

https://github.com/tanprathan/mobileapp-pentest-cheatsheet

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

android-application dynamic-analysis ios-app mobile-app network-analysis pentesting reverse-engineers runtime-analysis static-analysis

Last synced: 25 Feb 2025

https://github.com/undeadsec/socialfish

Phishing Tool & Information Collector

educational pentest pentesting phishing python undead

Last synced: 13 May 2025

https://github.com/bluscreenofjeff/red-team-infrastructure-wiki

Wiki to collect Red Team infrastructure hardening resources

cobalt-strike empire infrastructure pentesting red-team redirector

Last synced: 30 Oct 2025

https://github.com/ullaakut/cameradar

Cameradar hacks its way into RTSP videosurveillance cameras

cameras cctv hacking hacking-tool infosec netsec penetration-testing pentesting rtsp security security-tools

Last synced: 01 Feb 2026

https://github.com/UndeadSec/SocialFish

Phishing Tool & Information Collector

educational pentest pentesting phishing python undead

Last synced: 27 Mar 2025

https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

Wiki to collect Red Team infrastructure hardening resources

cobalt-strike empire infrastructure pentesting red-team redirector

Last synced: 16 Mar 2025

https://github.com/reverseclabs/drozer

The Leading Security Assessment Framework for Android.

android drozer java mobile mobsec mwr pentesting security withsecure

Last synced: 11 May 2025

https://github.com/withsecurelabs/drozer

The Leading Security Assessment Framework for Android.

android drozer java mobile mobsec mwr pentesting security withsecure

Last synced: 08 May 2025

https://github.com/FSecureLABS/drozer

The Leading Security Assessment Framework for Android.

android drozer java mobile mobsec mwr pentesting security withsecure

Last synced: 02 May 2025

https://github.com/WithSecureLabs/drozer

The Leading Security Assessment Framework for Android.

android drozer java mobile mobsec mwr pentesting security withsecure

Last synced: 01 Apr 2025

https://github.com/Ullaakut/cameradar

Cameradar hacks its way into RTSP videosurveillance cameras

cameras cctv hacking hacking-tool infosec netsec penetration-testing pentesting rtsp security security-tools

Last synced: 14 Mar 2025

https://github.com/t3l3machus/villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

c2 cybersecurity hacking hacking-tool offensive-security open-source penetration-testing penetration-testing-tools pentest pentesting readteaming redteam redteam-tools

Last synced: 13 May 2025

https://github.com/t3l3machus/Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

c2 cybersecurity hacking hacking-tool offensive-security open-source penetration-testing penetration-testing-tools pentest pentesting readteaming redteam redteam-tools

Last synced: 30 Mar 2025

https://github.com/knownsec/pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing framework developed by the Knownsec 404 Team.

pentesting python security security-tools

Last synced: 19 Jun 2025

https://github.com/leebaird/discover

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

bash enumeration information-gathering kali-linux metasploit nmap osint payload-generator pentesting recon reconnaissance red-team scanning

Last synced: 13 May 2025

https://github.com/ysrc/xunfeng

巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。

exploits infosec pentesting scanner security security-audit vulnerability-assessment vulnerability-detection vulnerability-scanners

Last synced: 14 May 2025

https://github.com/diego-treitos/linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels

ctfs hacking hackthebox linux-enumeration oscp pentesting privesc privilege-escalation

Last synced: 14 May 2025

https://github.com/mr-xn/burpsuite-collections

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

burp-extensions burp-requests burpsuite burpsuite-extender burpsuite-java burpsuite-tools burpsuite-xkeys hackbar hacktool j2eescan jar pentest-tool pentesting python-burp sendto shiro-burp sqlmap waf

Last synced: 26 Oct 2025

https://github.com/Mr-xn/BurpSuite-collections

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

burp-extensions burp-requests burpsuite burpsuite-extender burpsuite-java burpsuite-tools burpsuite-xkeys hackbar hacktool j2eescan jar pentest-tool pentesting python-burp sendto shiro-burp sqlmap waf

Last synced: 13 Mar 2025

https://github.com/p1ngul1n0/blackbird

An OSINT tool to search for accounts by username and email in social networks.

cybersecurity osint pentesting python

Last synced: 13 May 2025